
John Harrison is a Cybersecurity Evangelist at Palo Alto Networks and has been there for the past ten years. He leads Network Security Evangelism across EMEA for Next-generation Firewalls, Cloud-delivered security services, SASE solutions and UNIT 42 Threat Intelligence.

The following are the results of a one-on-one interview between John Harrison and Samir Alyev, CEO and Founder of the Swiss Cyber Institute where Samir discusses ransomware with John and how best to deal with it.

A Single Infection is All it Takes. Doesn’t that sum up the problem with ransomware?

Ransomware is no longer simply about encrypting files and asking for Bitcoin. New harassment tactics and double and triple extortion make the traditional advice about maintaining backups insufficient. Ransomware attacks unleash unparalleled devastation on organizations, bringing operations to a grinding halt, compromising critical data, and inflicting substantial financial losses, making it imperative to stay ahead of evolving threats in 2023.

Within the threat landscape ransomware seems to become the biggest threat for organizations. Is that what you also observe at Palo Alto Networks?

Yes, we see ransomware attacks as one of the most devastating and visible attacks that can impact an organization today. The impact and real implications of a ransomware attack on any business are what matters. The company comes to an absolute standstill. You can’t email or communicate inside your company. You can’t pay your employees. You can’t manufacture, ship or invoice any of your customers. You could basically go out of business for a while.

Unfortunately, ransomware attacks continue to be successful and highly profitable, so these devastating attacks will go on.

It must become harder for organizations to counteract ransomware. What are some of the best practices companies should follow to protect themselves?

There are a few important things that organizations should do to protect themselves. Here are some tips that I regularly share with our customers.

  1. Simplify your security protection! We regularly see organizations with 30-50 different security solutions. Security complexity leads to security gaps and is almost impossible to manage – this makes possible ransomware breaches more likely.
  2. Implement a true Zero Trust ZTNA 2.0 strategy! This helps to ensure that applications, users and devices are covered by best-in-class continuous threat inspection.
  3. Ensure you have cutting-edge prevention against the latest attack techniques at each stage of the attack lifecycle. Ransomware adversaries are used to initial access, command and control (C2), lateral movement and exfiltration. Legacy technology like port-based firewalls, proxies and URL databases aren’t enough to prevent today’s and tomorrow’s attackers.
  4. Reduce the attack surface everywhere with true Layer-7 based application policies. Stop using port-based firewall rules! This isn’t Zero Trust and certainly won’t slow down an attacker.
  5. Have a ransomware retainer in place in case the worst happens. Our Unit 42 teams can be an extension of any in-house team to help all the way in case something goes wrong.
  6. Do users all need admin privileges? It’s 2023, does every employee need admin rights to install any application they need? Certainly not. Bob in accounting doesn’t ever need to install an executable (EXE) or install other software.

Artificial Intelligence (AI) and Machine Learning (ML) are becoming mainstream in cybersecurity. How can AI and ML contribute to protecting companies against the more sophisticated and highly automated threats that are emerging right now?

Preventing modern-day threats requires cutting-edge threat prevention using AI and deep learning techniques. I’ll share one example here: tools such as Cobalt Strike are used by adversaries and easily evade signature-based detections, giving you a false sense of security. Palo Alto Networks Advanced Threat Prevention for SASE and Next-Generation Firewalls delivered the industry’s first prevention of zero-day threats with inline deep learning models that prevent 96% of web-based Cobalt Strike and 90% of unknown injection attacks.

Another example would be phishing attacks, which are one of the main initial access vectors for ransomware attacks. You can’t just rely on traditional defenses such as email security. Palo Alto Networks includes three additional layers of phishing attack prevention with our DNS Security and Advanced URL Filtering solutions. You can prevent the latest and highly evasive phishing attacks, all in real time, powered by our machine learning and deep learning models.

There are numerous security players in the market. How is Palo Alto Networks different in its approach to ransomware security and cloud security as a whole?

During a time of macroeconomic environment changes, geopolitical uncertainty, continued hybrid work and the accelerating shift to the cloud, attackers have not stood still. Customers have never needed a strong cybersecurity partner so much. Given we’re the largest independent cybersecurity business, Palo Alto Networks is delivering what’s next in cybersecurity to help organizations get ahead of the threat landscape, with broad industry recognition of our best-of-breed platforms: network security, cloud security, and security operations.

As the cybersecurity partner of choice for our customers, our vision is a world where each day is safer and more secure than the one before.